US11671455B2ActiveUtilityA1
Ethernet communications device and method for operating an ethernet communications device
Est. expirySep 18, 2039(~13.2 yrs left)· nominal 20-yr term from priority
H04L 69/22H04L 69/321H04L 63/162H04L 63/20H04L 69/323H04L 63/105H04L 69/40H04L 63/10
50
PatentIndex Score
0
Cited by
4
References
20
Claims
Abstract
Embodiments of a device and method are disclosed. In an embodiment, an Ethernet communications device includes a physical layer (PHY) unit or a media access control (MAC) unit configured to perform media access control for the Ethernet communications device. The Ethernet communications device includes a security unit configured to manipulate a data stream in a data path within the Ethernet communications device when the data stream violates or conforms to a pre-defined policy.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. An Ethernet communications device comprising:
a physical layer (PHY) unit; or
a media access control (MAC) unit configured to perform media access control for the Ethernet communications device;
wherein the Ethernet communications device comprises a security unit configured to:
extract frame header information from a data stream in a data path within the Ethernet communications device;
determine whether the data stream violates or conforms to a pre-defined policy determining whether the frame header information violates or conforms to the pre-defined policy; and
output a modified data stream by altering the data stream in the data path within the Ethernet communications device based on whether the data stream violates or conforms to the pre-defined policy;
wherein altering the data stream in the data path includes:
altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or
altering cyclic redundant checksum (CRC) information in the data stream.
2. The Ethernet communications device of claim 1 , wherein the Ethernet communications device communicates via a shared media.
3. The Ethernet communications device of claim 1 , wherein the security unit is further configured to interrupt transmission of the data stream when the data stream violates or conforms to the pre-defined policy.
4. The Ethernet communications device of claim 1 , wherein the security unit is further configured to modify the data stream when the data stream violates or conforms to the pre-defined policy.
5. The Ethernet communications device of claim 1 , wherein the security unit is further configured to receive the pre-defined policy from a media-independent interface (MII) or a secured control channel.
6. The Ethernet communications device of claim 1 , wherein the security unit is a component of the PHY unit.
7. The Ethernet communications device of claim 1 , wherein the security unit is a component of the MAC unit.
8. The Ethernet communications device of claim 1 , wherein the security unit is a component of a media-independent interface (MII) or a reconciliation sublayer between the PHY unit and the MAC unit.
9. The Ethernet communications device of claim 1 , wherein the data stream is altered by altering VLAN ID in the frame header information.
10. The Ethernet communications device of claim 1 , wherein the data stream is altered by altering the CRC information in the data stream.
11. A method of operating an Ethernet communications device, the method comprising:
determining whether or not a data stream in a data path within the Ethernet communications device violates or conforms to a pre-defined policy;
outputting a modified data stream by altering the data stream based on whether the data stream violates or conforms to the pre-defined policy; and
transmitting the modified data stream to one or more other communications devices instead of the data stream;
wherein determining whether or not the data stream violates or conforms to the pre-defined policy comprises extracting frame header information from data stream and comparing the frame header information with the pre-defined policy, and wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises altering the data stream when the frame information violates or conforms to the pre-defined policy; and
wherein altering the data stream in the data path includes:
altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or
altering cyclic redundant checksum (CRC) information in the data stream.
12. The method of claim 11 , wherein the Ethernet communications device communicates via a shared media.
13. The method of claim 11 , wherein the frame header information comprises at least one of a source address, a destination address, port information and frame priority information.
14. The method of claim 11 , wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises interrupting transmission of the data stream when the data stream violates or conforms to the pre-defined policy.
15. The method of claim 11 , wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises modifying the data stream when the data stream violates or conforms to the pre-defined policy.
16. The method of claim 11 , wherein the data stream is altered by altering the VLAN ID in the frame header information.
17. The method of claim 11 , wherein the data stream is altered by altering the CRC information in the data stream.
18. A communications network comprising:
a shared communication medium; and
a plurality of Ethernet communications devices configured to communicate via the shared communication medium, wherein each of the Ethernet communications devices comprising:
a physical layer (PHY) unit; or
a media access control (MAC) unit configured to perform media access control for the Ethernet communications device,
wherein each of the Ethernet communications devices comprises a security unit configured to:
extract frame header information from a data stream in a data path within the Ethernet communications device;
determine whether the data stream violates or conforms to a pre-defined policy by determining whether the frame header information violates or conforms to the pre-defined policy;
output a modified data stream by altering the data stream based on whether the data stream violates or conforms to the pre-defined policy; and
transmit the modified data stream to one or more of the plurality of Ethernet communications device in place of the data stream;
wherein altering the data stream in the data path includes:
altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or
altering cyclic redundant checksum (CRC) information in the data stream.
19. The communications network of claim 18 , wherein the data stream is altered by altering VLAN ID in the frame header information.
20. The communications network of claim 18 , wherein the data stream is altered by altering the CRC) information in the data stream.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.